My security.conf has the following entry:
<DirectoryMatch "/\.(.+)"> Require all denied </DirectoryMatch>
That blocks all hidden directories. So I’m trying to alter the entry to block everything but ‘.well-known’ using the following:
<DirectoryMatch ~ "^/\.((?!well\-known$).*)">
I’ve tested the regex expression using two separate engines and it works fine, but when apache2.4.7 processes it, it doesn’t do what I expected and allows just about everything.
Anyone able to assist me to tweak this?
Here we are trying to secure the net, and the folder choice for this challenge is going to break a lot of servers out there. Why was .well-known chosed from all the possible options?